Analysis Date: 2014-12-20 00:56:14
MD5: 574dc90a41c53b118305fde892b6920a
SHA1: 1eb6548213a6f343d75e52ed92e0bb58ab694968

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
AV 360 Safe: Trojan.Encpk.Gen.4
AV Ad-Aware: Trojan.Encpk.Gen.4
AV Alwil (avast): Blackbeard-AH [Cryp]
AV Arcabit (arcavir): Trojan.Encpk.Gen.4
AV Authentium: no_virus
AV Avira (antivir): TR/Dropper.VB.6721
AV BullGuard: Trojan.Encpk.Gen.4
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.VbInject.LD3
AV ClamAV: no_virus
AV Dr. Web: Trojan.PWS.Panda.2401
AV Emsisoft: Trojan.Encpk.Gen.4
AV Eset (nod32): Win32/Injector.ATSA
AV Fortinet: W32/Injector.ATCM!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Encpk.Gen.4
AV Grisoft (avg): PSW.Generic12.RLG
AV Ikarus: Trojan-PWS.Win32.Tepfer
AV K7: Trojan ( 0040f79d1 )
AV Kaspersky: Trojan-PSW.Win32.Tepfer.stsw
AV MalwareBytes: Trojan.VBInject
AV Mcafee: PWS-Zbot.gen.oj
AV Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
AV MicroWorld (escan): Trojan.Encpk.Gen.4
AV Rising: no_virus
AV Sophos: Troj/Agent-ADBJ
AV Symantec: no_virus
AV Trend Micro: TSPY_ZBOT.SMUL
AV VirusBlokAda (vba32): TrojanPSW.Tepfer

Detection summary: 23 of the 29 engines listed above flagged the sample; 6 (Authentium, CA, ClamAV, Frisk, Rising, Symantec) returned no_virus. The verdicts cluster around a VB-packed injector/dropper (Encpk, VBInject, Injector, Dropper.VB) and a password-stealer payload (Tepfer/PWS, Zbot). Note that the scan is as of the analysis date above; current signatures may differ.

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe (the sample launches a second copy of itself)
Note (review): spawning a fresh instance of its own image, together with the OpenProcess / WriteProcessMemory / Process32First / Process32Next imports visible in the Strings section below, is consistent with the VB self-injection behaviour suggested by the AV names, but this run recorded no further activity — confirm in a longer or instrumented run before drawing conclusions.

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
.

@@,<
040904B0
19>T<&9O50#T'=
@@"4
4.01.0454
4?~QUW
562854685255h55
,94*
AccessKeyPress: 
*\AD:\a498d7az879a8zd\REeB.vbp
ADF3pV1
AmbientChanged: 
AmbientChanged: all
AsyncReadComplete: 
Click
CompanyName
@-c.rar
DblClick
Dino1
Dino1.exe
DragDrop: 
DragOver: 
EnterFocus
ExitFocus
FileVersion
GotFocus
Initialize
InitProperties
InternalName
ireeghjkrdy
it1cyAbuM
JOJEg1QgR
KeyDown: 
KeyPress: 
KeyUp: 
K:UB]B]B]B
loihytgvfd
LostFocus
]Lt]4
MouseDown: 
MouseMove: 
MouseUp: 
Name
OLECompleteDrag: 
OLEDragDrop: 
OLEDragOver: 
OLEGiveFeedback: 
OLESetData: 
OLEStartDrag: 
OriginalFilename
Paint
ProductName
ProductVersion
PUJ6
rA133F000-CCB0-11d0-A316-00AA00688B10
ReadProperties
Resize: 
RyxrAd7
StringFileInfo
Terminate
tIMtnzuHVCz
Translation
VarFileInfo
VS_VERSION_INFO
WriteProperties
Z8892PwX
|{{{{{{
  *//)
0/ag`c^9
0jjjjjjjjjjj
.-12z&&&
1e562854685255h55
2d3(Uh:
3MMMMMNK4-
4	,"59:[sM
;4,S(qA
562854685255h55
562854685255h55221548949mm562854685255h55
6[bBn,
6[EyoK
7:a_]<yjjjjj
7:a_]<yjjjjjjjjjjjjjjjjjjjjjjjjj
]7Jik77
7lmmnb
////	+8}j
////	+8}jjjjjjjjjj
/////+8}jjjjjjjjjjjjjjjjjjjjj
8~{jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj&0
!a6B\l<
altblssyeeibwh
AMQQQRH<
:a_]<yjjjjj
b>0/ag`c^9
BoundText
C: >|~
C_dcHj
C_dcHz
C_dcHzjjjjjjjjj
CloseHandle
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
CreateFileW
CX[\^^^^^\[K'jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj!PZ[^cdeec^\?
CX[\^^^^^\[K'jjjjjjjjyD
CX[\^^^^^\[K' jj!PZ[^^eeec^\?
CZ\[<{ll CZ\[<
`.data
DataCombo
DataCombo1
~DataCombo1
DataList
DataList1
DefWindowProcA
DllFunctionCall
$dpe(|+9
\D`YvX_\Q
Ejjjjjwwt
Events
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
-f	.hE
Frame1
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
}]&GO&0
gW+4l%
H5;4c_
HQRSSSSSRQQ;~jjj
HQRSSSSSRQQ;~jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
HQRSSSSSRQQ;~jyyyyylo
HSTTUUTTTSR6 jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
HSTTUUUTTSR6 jjj
HSTTUUUTTSR6 jjjjjjllllljjjjjj
HTWXWWWXWTT2 jj
HTWXWWWXWTT2 jjjjjjjyD
HTWXWWXXWTT2 jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
I5)L{c
I"pZxC
&	IT${
-$j*<GH<'$$$$<GH<
 jj *//)
{jjj{0
#jjjj|
+ jjjj{{{}
{jjjj1,
jjjj3,
~ {{jjjjj{
=jjjjj
jjjjj{{{{{|
/jjjjjj
"jjjjjj
{jjjjjj
#jjjjjj3MMMMMNK4-
=jjjjjjj
)+@( jjjjjjj{{
jjjjjjjjj
" {{jjjjjjjjj
)	#jjjjjjjjj
}jjjjjjjjj
jj    jjjjj    jj 
jjjjjj}}}|jjj
jjjjjjjjj*<GH<
)+@({jjjjjjjjjj
/jjjjjjjjjjj
 jjjjjjjjjjjj
{jjjjjjjjj{{{{{jjjjj1,
/jjjjjjjjjjjjjjj
{jjjjjjjjjjjjjjjj
" jjjjjjjjjjjjjjjj{0
{jjjjjjjjjjjjjjjjj
+ jjjjjjjjjjjjjjjjj
 jjjjjjjjjjjjjjjjjj{
~   jjjjjjjjjjjjjjjjjjjj{{{}
+ jjjjjjjjjjjjjjjjjjjj{
jjjjjjjjjjjjjjjjjjjjj
)	#jjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjj
|jjjjjjjjjjjjjjjjjjjjjj
 jjjjjjjjjjjjjjjjjjjjjjj
+jjjjjjjjjjjjjjjjjjjjjjjj
{jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
$jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
{jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj1,
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
#jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3MMMMMNK4-
)+@( jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj{{{{{jjjjjjjjjjjjjjj}}}}}jjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj{{{{{{jjjjjjjjjjjjjjjjjjjjjjjjj{{{{{{jjjjjjjj{{{}
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj	LLLTA
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjxxxxx
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjxr0VY_efhfec]?
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjxxx
jjjjjjjjjjjjjjjjjjjjjjjjj@LLN<<
jjjjjjjjyD
jjjjjjjjyyy
jjjjjjj	LLLTA
jjjjj	LLN<
jjjjj!PZ[^^eeec^\?
jjjjjx
|{{jjjjjxxxxxx
jjjjwr0VY_efhfec]?
jjjjyD
jjoaal
jj%r0VY_efhfec]?
K4{>|q
kernel32
kernEl32
kernel32.dll
kernEl32.DLL
kijnbg
~k-K~@
kN#J#l
KqN\u2
KRSTTSR<
Kt`lc0y
KWZ[[[X<
|&	LLLTA
LoadLibraryW
lolololp
LXJT;i
lz]5V8j
m`#^!/,?
MethCallEngine
mnyyyyyj
=MQQQQQQNI<
=MQQQQQQQI<
MSDataListLib
MSDataListLib.DataCombo
MSDataListLib.DataList
MSDATLST.OCX
MSVBVM60.DLL
nhbgvfcdl
nn}}}}	LLN<<
O8"h3_
oMg3?-
OpenProcess
o+Ubec
OUUWWUU<
PQQMtd
PQ>tn{<f
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
"pwQ9 
qC:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc30554.oca
_@q@ob4]<
rd_v`$
ReadFile
RowMember
RowSource
RtlMoveMemory
sqqsv1
SystemParametersInfoA
TerminateProcess
!This program cannot be run in DOS mode.
user32.dll
UserControl
UserControl1
UWXXZZZXXWU. jj
UWXXZZZXXWU. jjjjjjjyD
UWXXZZZXXXU. jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
VBA6.DLL
__vbaExceptHandler
W[]cc\[<
`~wgt#
wkuO.{8
WriteProcessMemory
wwwpwwwpx
wwwwwp
wwwwww
wwwwwwp
:WX[[\\\[[XJ' jj
:WX[[\\\[[XJ' jjjjjjjyD
:WXZ[\\\[[XJ' jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
~:xBti
Y\ceed\<#j
yDDDFlokmniDDD
Y\deed\<#jjjjjjjjjjjjjjjjjjjjj
Y\deed\<#jjjjyD
yjjjjjjjjj
yjjjjjjjjjjjjjjjjjjjjjj
YR=s=%
yyyllllyyy
Z8Iqal
zjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj